CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31336
https://notcve.org/view.php?id=CVE-2024-31336
Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severity Vulnerability, aka A-337949672. In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2024-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23716
https://notcve.org/view.php?id=CVE-2024-23716
In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2024-09-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32927
https://notcve.org/view.php?id=CVE-2024-32927
In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-08-01 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34743
https://notcve.org/view.php?id=CVE-2024-34743
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/native/+/3f85323b27d95a57bfa87cbf68dd4a143f9f88ad https://source.android.com/security/bulletin/2024-08-01 • CWE-269: Improper Privilege Management •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34742
https://notcve.org/view.php?id=CVE-2024-34742
In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/688e5c3012eb0a4ea88361588cf5026c10e4a42c https://source.android.com/security/bulletin/2024-08-01 •